I'm trying to implement transport level security for WCF services.
My application architecture is as follows:
WCF service is hosted as windows service in domainA.
Client is a WinForms application in DomainB.
Since it's a cross domain scenario, I have to use certificates for authenticating client and service so they can establish a secure connection.
My understanding is I need 3 certificates to achieve this:
- Service certificate - authenticates the service to the client.
Should be installed in Local Machine --> Trusted Root Certificates store on a service machine. - Certificate authority - a certificate that can be used to issue user specific certificates. Where should this one be installed? Service or client machine?
- User certificate.
Should be installed in Current User --> Trusted Root Certificate on a client machine.
I couldn't find any examples on the web that use certifcate authentication over tcp protocol.
I could only find https examples with services hosted in IIS.
Any reference to a tcp scenario is greatly appreciated.
Are my assumptions correct?
Where should I install the Certificate Authority certificate (item 2)?
Are there other, easier approaches besides using certificates to accomplish transport level security over tcp in a cross domain environments?
Thank you in advance.